eRA Commons 2-Factor Authentication
To make eRA user accounts more secure, eRA is requiring use of two-factor authentication instead
of an eRA account username and password to access eRA modules (eRA Commons, Commons
Mobile, ASSIST, Internet Assisted Review).
Switching to using two-factor authentication makes eRA user accounts more secure and helps maintain confidential information.
- Follow this process and use Login.gov for the initial setup
- and/or use an InCommon Federated account that supports NIH’s two-factor authentication standards
Starting on September 15, 2021, eRA will begin a phased approach for requiring the use of two-factor authentication for user accounts. The new timing of enforcing the requirement depends on the type of user account and a new triggering event. See NOT-OD-21-172.
The Type of User Account:
- This phased approach pertains to all scientific account holders but excludes administrative accounts until early 2022 (also see eRA Commons User Roles)
The Triggering Event:
- All PIs and key personnel associated with an application or Research Performance Progress Report (RPPR) will be required to transition to the use of two-factor authentication 45 days after the submission of their competing grant application (Type 1 or 2) or their RPPR.
Forty-five days after this triggering event, these users will not be able to access eRA systems until they set up and use a two-factor authentication service provider - Login.gov and/or an InCommon Federated account (that supports NIH’s two-factor authentication standards).
eRA will send reminder messages during the 45-day period to individual users who are required to transition to the new two-factor authentication requirement.